What Are You Doing to Reduce Insider Threats?

Most companies agree that background checks are critical in ensuring a good hire.

If events revealed in a background check prevent you from hiring a malicious employee, wouldn’t you want to know the same about an existing employee?

An effective human resources leader wants to put their company in a position for success. But in a company with many employees, how can a small group of HR professionals, with multiple tasks, manage the continuous monitoring it takes to minimize risk and ensure compliance?

The answer is technology. There are a variety of tools that can be used to maintain a company’s safety and health while making HR’s job easier. Today, many of the continuous monitoring tools are currently in place in the IT department. IT constantly observes device level activity to ensure against data loss and theft as well as unauthorized access.

Human resources can do the same in the observation of employee behavior across criminal, civil, sanctions/watchlists and licensing data. After all, minimizing employee risk as well as deterring insider threats comes down to knowing your employee. When looking into the appropriate tools for your company, it is imperative to acquire efficient and cost-effective insider risk technology for your toolkit.

Keep in mind when implementing insider risk programs that secure boils down to device and people security. On the people side, “To know or not to know?” is the question.

Why continuous monitoring?

Why would you want to know? Poor employee behavior often comes into your organization from the outside in. Gartner, an industry research analyst firm, reported that 80% of insider threats can be caught by monitoring employee’s behaviors and the pressures they face in their personal lives. Accessing information or downloading data often times is part of an employee’s normal job duties. But being alerted to the download of data and knowing your employee recently had a lien placed on their home adds meaning to an otherwise normal event.

Even more concerning is when an insider engages with your customers. Companies now export their risk in the form of work done on customer’s IT systems, installation of home improvement products, or perhaps providing assisted care to the elderly. Much of the financial well-being of a company depends on the reliability and responsibility of its employees and contractors.

Limiting insider risk

In turn, it then becomes HR’s job to limit insider risk as much as possible and to ensure the safety of its customers. When customers are getting into a stranger’s car, or letting someone into their home to take care of a loved one, companies need to be able to provide extra assurances that they will be safe. HR is being tasked to move beyond regulation and compliance to now think about revenue assurance when customers are being served by employees and contractors.

HR must continually be sure that the employees entering into customers’ homes are responsible, present low risk, and portray a positive image of their company. To be able to do this, periodic background screenings aren’t enough. Customers are demanding we serve them in real-time, 24/7 with 2-day delivery, which includes continuous risk monitoring solutions that provide immediate insights.

Technology enables monitoring

By implementing a cloud-based platform, companies can monitor public records data 24/7 and be alerted to changes in employees’ lives that pose risks, such as an arrest or bankruptcy. If a company is using a tool that analyzes data such as arrest and financial records in real-time, it can prevent risky employees from entering into a customer’s home and representing your company.

Article Continues Below

For example, on-demand car ride services have become incredibly popular over the past few years. People using these services don’t know whose cars they are getting into. Ride sharing services’ first line of defense is reporting from their customers. Continuous risk monitoring is a deterrent screen that enables these companies to understand their employees and proactively limit the harm they expose their customers to.

You want to be able to evaluate personnel proactively. For example, if a driver got arrested last night for a DUI, you want technology that will notify you right away, instead of waiting weeks for the government to update its database. This keeps customers and the company safe by mitigating risk.

An airline client of ours, one of the largest in the world with 60,000 employees, with 45 days of deploying an insider threat alert system detected over 1,771 incidents, 14 recorded deaths and 55 bookings and arrests. Without the system, it could have taken up to two years — the company’s previous background updating schedule — to discover this.

Legal risks

Companies may also not realize the legal risks they face from potential insider threat incidents. If these insider threats had not been eliminated by the company, they could have faced multiple negligent retention lawsuits. These lawsuits can be charged when an employer knew, or should have known, that an employee was not qualified for their position.

So, to know or not to know? Is that really even a question?

There is truly no disadvantage to knowing what risks are hiding within your company. As an HR representative, with a priority of maintaining the well-being of your workforce, you should have the toolkit that enables you to do just that.

The ultimate goal is to not unfairly judge our employees and contractors. It’s to know our employees as well as we know our customers so we can better serve them and mitigate risk to our organizations, large or small.

Raj Ananthanpillai is the Chairman, CEO and President of IDentrix. Since 2004, he has been the CEO of InfoZen, a mid-tier, advanced IT services firm. Previously, he served as the Chief Strategy Officer of ePlus, Inc. (NASDAQ: PLUS), a business process automation and financial services company. No stranger to start-ups, Ananthanpillai was also the president and CEO of NetBalance, a venture capital backed multimillion dollar Software Company, which was successfully sold in 2000.

Before founding NetBalance, he held senior executive roles at I-NET, a $300M IT managed services firm, and AT&T. He holds an M.S. in Engineering Physics, an M.S. in Electrical Engineering, and an executive education in international business management and financial planning. He is also a Certified Financial Planner (CFP®), has a U.S. patent on “Intelligent Systems Management”, and the author of two books in the area of systems management and managed services.

Topics